Keith Alexander is trying to explain himself. The former director of the NSA stoked astonishment when reports surfaced that he would ask from $600,000 to as much as $1 million per month as a cybersecurity consultant. What could make him so valuable, save the highly classified secrets in his head? A congressman went so far as to speculate that he'd be selling state secrets. But it isn't so, Alexander says. In an interview with Foreign Policy, he offers a new accounting:

The answer, Alexander said in an interview Monday, is a new technology, based on a patented and "unique" approach to detecting malicious hackers and cyber-intruders that the retired Army general said he has invented, along with his business partners at IronNet Cybersecurity Inc., the company he co-founded after leaving the government and retiring from military service in March. But the technology is also directly informed by the years of experience Alexander has had tracking hackers, and the insights he gained from classified operations as the director of the NSA, which give him a rare competitive advantage over the many firms competing for a share of the cybersecurity market.

Details on the "unique approach" are thin, but it wouldn't surprise me if Freedom of Information Act requests are already being prepared to send to the U.S. Patent Office:

Alexander said he'll file at least nine patents, and possibly more, for a system to detect so-called advanced persistent threats, or hackers who clandestinely burrow into a computer network in order to steal secrets or damage the network itself.

As FP notes, these are the sorts of "cyberattacks" that Alexander harped on while in government, claiming they already represented "the greatest transfer of wealth in American history."

Let's mull that over. While responsible for countering cybersecurity threats to America, Alexander presides over what he characterizes as staggering cyber-thefts and hugely worrisome security vulnerabilities. After many years, he retires. And immediately, he has a dramatically better solution to this pressing national-security problem, one he never implemented in government but plans to patent and sell!

FP's Shane Harris talked to some lawyers and reports:

Alexander is believed to be the first ex-director of the NSA to file patents on technology that's directly related to the job he had in government. He said that he had spoken to lawyers at the NSA, and privately, to ensure that his new patents were "ironclad" and didn't rely on any work that he'd done for the agency—which still holds the intellectual property rights to other technology Alexander invented while he ran the agency.

Alexander is on firm legal ground so long as he can demonstrate that his invention is original and sufficiently distinct from any other patented technologies. Government employees are allowed to retain the patents for technology they invent while working in public service, but only under certain conditions, patent lawyers said. If an NSA employee's job, for instance, is to research and develop new cybersecurity technologies or techniques, then the government would likely retain any patent, because the invention was directly related to the employee's job. However, if the employee invented the technology on his own time and separate from his core duties, he might have a stronger argument to retain the exclusive rights to the patent.

This is an emperor-has-no-clothes moment. We're supposed to believe that Alexander went home and developed much of a million-dollar-per-month cybersecurity technology in his spare time, while doing two different demanding national-security jobs, without using NSA resources or classified information, in a way that was somehow separate from his core duties, which included a cyber-security portfolio?

It beggars belief:

He was the longest-serving director in the history of the NSA and the first commander of the U.S. Cyber Command, responsible for all cybersecurity personnel—defensive and offensive—in the military and the Defense Department. From those two perches, Alexander had access to the government's most highly classified intelligence about hackers trying to steal U.S. secrets and disable critical infrastructure, such as the electrical power grid. Indeed, he helped to invent new techniques for finding those hackers and filed seven patents on cybersecurity technologies while working for the NSA.

He'd now have us belief that in his spare time he was developing even better techniques than the ones he developed in government. Even if true that would be a scandal! Harris posed the obvious question: "Asked why he didn't share this new approach with the federal government when he was in charge of protecting its most important computer systems, Alexander said the key insight about using behavior models came from one of his business partners, whom he also declined to name, and that it takes an approach that the government hadn't considered. It's these methods that Alexander said he will seek to patent."

So there you go.

Alexander toils in his spare time. The million-dollar idea is almost there ... but not quite. Then, just as he retires, a mystery man comes through with a veritable flux capacitor. How fortuitous!

The business partner, whose name we're not allowed to know, and with whom Alexander was able to collaborate immediately upon leaving his job, but not before, contributed the crucial insight—ostensibly without any assistance from his future business partner, who had access to all the most useful possible classified information—but despite coming up with this ostensibly invaluable intellectual property independently, the mystery man is willing to cut Alexander in for a seven- or eight-figure payday.

As if that weren't enough:

Alexander said they were particularly worried about threats like the Wiper virus, a malicious computer program that targeted the Iranian Oil Ministry in April 2012, erasing files and data. That will come as a supreme irony to many computer security experts, who say that Wiper is a cousin of the notorious Stuxnet virus, which was built by the NSA—while Alexander was in charge—in cooperation with Israeli intelligence.

The man who both presided over the creation of the most sophisticated cyber-weapon in history and hyped the threat of cyberattacks more than anyone else in America will now patent and privately sell for millions a product to stop cyberattacks. When did the business partnership with the mystery man form, one wonders? The whole story, which could only happen in America, would seem to lend some urgency to Jason Leopold's lawsuit trying to secure Alexander's financial disclosure forms from the NSA, which is refusing to give them up.

If the limited facts on offer don't stink enough to prompt a congressional inquiry—ideally one that gets Alexander testifying under oath—what possible fact pattern would rouse the branch of government charged with oversight? At the very best, he is stoking a perception of impropriety so extreme that it speaks poorly of his character that he's chosen to retire in this fashion. If anything more nefarious is going on, hopefully either Congress or the press will be able to expose it. The stakes are certainly high enough to justify digging.

By using this service you agree not to post material that is obscene, harassing, defamatory, or
otherwise objectionable. Although GovExec.com does not monitor comments posted to this site (and
has no obligation to), it reserves the right to delete, edit, or move any material that it deems
to be in violation of this rule.

Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.